mirror of
https://github.com/ethereum/solidity
synced 2023-10-03 13:03:40 +00:00
Fix use of uninitialized functions stored in storage.
This commit is contained in:
parent
eac0048176
commit
5b991c1e59
@ -30,6 +30,7 @@ Bugfixes:
|
|||||||
* Type System: Use correct type name for contracts in event parameters when used in
|
* Type System: Use correct type name for contracts in event parameters when used in
|
||||||
libraries. This affected code generation.
|
libraries. This affected code generation.
|
||||||
* Yul: Properly register functions and disallow shadowing between function variables and variables in the outside scope.
|
* Yul: Properly register functions and disallow shadowing between function variables and variables in the outside scope.
|
||||||
|
* Code Generator: Fix initialization routine of uninitialized internal function pointers in constructor context.
|
||||||
|
|
||||||
Build System:
|
Build System:
|
||||||
* Soltest: Add commandline option `--test` / `-t` to isoltest which takes a string that allows filtering unit tests.
|
* Soltest: Add commandline option `--test` / `-t` to isoltest which takes a string that allows filtering unit tests.
|
||||||
|
@ -1,4 +1,12 @@
|
|||||||
[
|
[
|
||||||
|
{
|
||||||
|
"name": "UninitializedFunctionPointerInConstructor",
|
||||||
|
"summary": "Calling uninitialized internal function pointers created in the constructor does not always revert and can cause unexpected behaviour.",
|
||||||
|
"description": "Uninitialized internal function pointers point to a special piece of code that causes a revert when called. Jump target positions are different during construction and after deployment, but the code for setting this special jump target only considered the situation after deployment.",
|
||||||
|
"introduced": "0.4.5",
|
||||||
|
"fixed": "0.5.8",
|
||||||
|
"severity": "very low"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "IncorrectEventSignatureInLibraries",
|
"name": "IncorrectEventSignatureInLibraries",
|
||||||
"summary": "Contract types used in events in libraries cause an incorrect event signature hash",
|
"summary": "Contract types used in events in libraries cause an incorrect event signature hash",
|
||||||
|
@ -380,6 +380,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.10": {
|
"0.4.10": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -393,6 +394,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.11": {
|
"0.4.11": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -405,6 +407,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.12": {
|
"0.4.12": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -416,6 +419,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.13": {
|
"0.4.13": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -427,6 +431,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.14": {
|
"0.4.14": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -437,6 +442,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.15": {
|
"0.4.15": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -446,6 +452,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.16": {
|
"0.4.16": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -455,6 +462,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.17": {
|
"0.4.17": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"EventStructWrongData",
|
"EventStructWrongData",
|
||||||
@ -465,6 +473,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.18": {
|
"0.4.18": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"EventStructWrongData",
|
"EventStructWrongData",
|
||||||
@ -474,6 +483,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.19": {
|
"0.4.19": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage",
|
"ABIEncoderV2PackedStorage",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
@ -500,6 +510,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.20": {
|
"0.4.20": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage",
|
"ABIEncoderV2PackedStorage",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
@ -510,6 +521,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.21": {
|
"0.4.21": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage",
|
"ABIEncoderV2PackedStorage",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
@ -520,6 +532,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.22": {
|
"0.4.22": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage",
|
"ABIEncoderV2PackedStorage",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
@ -530,6 +543,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.23": {
|
"0.4.23": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage",
|
"ABIEncoderV2PackedStorage",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
@ -539,6 +553,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.24": {
|
"0.4.24": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage",
|
"ABIEncoderV2PackedStorage",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
@ -548,6 +563,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.25": {
|
"0.4.25": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage"
|
"ABIEncoderV2PackedStorage"
|
||||||
],
|
],
|
||||||
@ -584,6 +600,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.5": {
|
"0.4.5": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -599,6 +616,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.6": {
|
"0.4.6": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -613,6 +631,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.7": {
|
"0.4.7": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -626,6 +645,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.8": {
|
"0.4.8": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -639,6 +659,7 @@
|
|||||||
},
|
},
|
||||||
"0.4.9": {
|
"0.4.9": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ExpExponentCleanup",
|
"ExpExponentCleanup",
|
||||||
"NestedArrayFunctionCallDecoder",
|
"NestedArrayFunctionCallDecoder",
|
||||||
@ -652,6 +673,7 @@
|
|||||||
},
|
},
|
||||||
"0.5.0": {
|
"0.5.0": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage"
|
"ABIEncoderV2PackedStorage"
|
||||||
],
|
],
|
||||||
@ -659,6 +681,7 @@
|
|||||||
},
|
},
|
||||||
"0.5.1": {
|
"0.5.1": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage"
|
"ABIEncoderV2PackedStorage"
|
||||||
],
|
],
|
||||||
@ -666,6 +689,7 @@
|
|||||||
},
|
},
|
||||||
"0.5.2": {
|
"0.5.2": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage"
|
"ABIEncoderV2PackedStorage"
|
||||||
],
|
],
|
||||||
@ -673,6 +697,7 @@
|
|||||||
},
|
},
|
||||||
"0.5.3": {
|
"0.5.3": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage"
|
"ABIEncoderV2PackedStorage"
|
||||||
],
|
],
|
||||||
@ -680,6 +705,7 @@
|
|||||||
},
|
},
|
||||||
"0.5.4": {
|
"0.5.4": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage"
|
"ABIEncoderV2PackedStorage"
|
||||||
],
|
],
|
||||||
@ -687,6 +713,7 @@
|
|||||||
},
|
},
|
||||||
"0.5.5": {
|
"0.5.5": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage",
|
"ABIEncoderV2PackedStorage",
|
||||||
"IncorrectByteInstructionOptimization",
|
"IncorrectByteInstructionOptimization",
|
||||||
@ -696,6 +723,7 @@
|
|||||||
},
|
},
|
||||||
"0.5.6": {
|
"0.5.6": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries",
|
"IncorrectEventSignatureInLibraries",
|
||||||
"ABIEncoderV2PackedStorage",
|
"ABIEncoderV2PackedStorage",
|
||||||
"IncorrectByteInstructionOptimization"
|
"IncorrectByteInstructionOptimization"
|
||||||
@ -704,6 +732,7 @@
|
|||||||
},
|
},
|
||||||
"0.5.7": {
|
"0.5.7": {
|
||||||
"bugs": [
|
"bugs": [
|
||||||
|
"UninitializedFunctionPointerInConstructor",
|
||||||
"IncorrectEventSignatureInLibraries"
|
"IncorrectEventSignatureInLibraries"
|
||||||
],
|
],
|
||||||
"released": "2019-03-26"
|
"released": "2019-03-26"
|
||||||
|
@ -1143,6 +1143,14 @@ void CompilerUtils::pushZeroValue(Type const& _type)
|
|||||||
m_context << m_context.lowLevelFunctionTag("$invalidFunction", 0, 0, [](CompilerContext& _context) {
|
m_context << m_context.lowLevelFunctionTag("$invalidFunction", 0, 0, [](CompilerContext& _context) {
|
||||||
_context.appendInvalid();
|
_context.appendInvalid();
|
||||||
});
|
});
|
||||||
|
if (CompilerContext* runCon = m_context.runtimeContext())
|
||||||
|
{
|
||||||
|
leftShiftNumberOnStack(32);
|
||||||
|
m_context << runCon->lowLevelFunctionTag("$invalidFunction", 0, 0, [](CompilerContext& _context) {
|
||||||
|
_context.appendInvalid();
|
||||||
|
}).toSubAssemblyTag(m_context.runtimeSub());
|
||||||
|
m_context << Instruction::OR;
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,23 @@
|
|||||||
|
contract C {
|
||||||
|
|
||||||
|
function() internal storedFn;
|
||||||
|
|
||||||
|
bool flag;
|
||||||
|
|
||||||
|
constructor() public {
|
||||||
|
if (!flag) {
|
||||||
|
flag = true;
|
||||||
|
function() internal invalid;
|
||||||
|
storedFn = invalid;
|
||||||
|
invalid();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
function f() public pure {}
|
||||||
|
}
|
||||||
|
contract Test {
|
||||||
|
function f() public {
|
||||||
|
new C();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ----
|
||||||
|
// f() -> FAILURE
|
@ -0,0 +1,23 @@
|
|||||||
|
contract C {
|
||||||
|
|
||||||
|
function() internal storedFn;
|
||||||
|
|
||||||
|
bool flag;
|
||||||
|
|
||||||
|
constructor() public {
|
||||||
|
if (!flag) {
|
||||||
|
flag = true;
|
||||||
|
function() internal invalid;
|
||||||
|
storedFn = invalid;
|
||||||
|
storedFn();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
function f() public pure {}
|
||||||
|
}
|
||||||
|
contract Test {
|
||||||
|
function f() public {
|
||||||
|
new C();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ----
|
||||||
|
// f() -> FAILURE
|
@ -0,0 +1,39 @@
|
|||||||
|
pragma solidity ^0.5.7;
|
||||||
|
|
||||||
|
contract InvalidTest {
|
||||||
|
|
||||||
|
function() internal storedFn;
|
||||||
|
uint public x;
|
||||||
|
|
||||||
|
constructor() public {
|
||||||
|
uint _y1;
|
||||||
|
uint _y2;
|
||||||
|
uint _y3;
|
||||||
|
uint _y4;
|
||||||
|
uint _y5;
|
||||||
|
uint _y6;
|
||||||
|
uint _y7;
|
||||||
|
uint _y8;
|
||||||
|
uint _y9;
|
||||||
|
uint _y10;
|
||||||
|
uint _y11;
|
||||||
|
uint _y12;
|
||||||
|
uint _y13;
|
||||||
|
uint _y14;
|
||||||
|
|
||||||
|
|
||||||
|
function() internal invalid;
|
||||||
|
storedFn = invalid;
|
||||||
|
}
|
||||||
|
|
||||||
|
function run() public {
|
||||||
|
// this did not always cause revert in the past
|
||||||
|
storedFn();
|
||||||
|
}
|
||||||
|
|
||||||
|
function z() public {
|
||||||
|
x++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ----
|
||||||
|
// run() -> FAILURE
|
@ -0,0 +1,19 @@
|
|||||||
|
contract InvalidTest {
|
||||||
|
|
||||||
|
function() internal storedFn;
|
||||||
|
|
||||||
|
bool flag;
|
||||||
|
|
||||||
|
constructor() public {
|
||||||
|
function() internal invalid;
|
||||||
|
storedFn = invalid;
|
||||||
|
}
|
||||||
|
function f() public returns (uint) {
|
||||||
|
if (flag) return 2;
|
||||||
|
flag = true;
|
||||||
|
storedFn();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// ----
|
||||||
|
// f() -> FAILURE
|
||||||
|
// f() -> FAILURE
|
Loading…
Reference in New Issue
Block a user